
Analyzing IoT-Based Botnet Malware Activity with Distributed Low Interaction Honeypots

  • Conference paper
Trends and Innovations in Information Systems and Technologies (WorldCIST 2020)

Abstract

The increasing number of Internet of Things devices, and their limited built-in security, has led to a scenario where many of the most powerful and dangerous botnets nowadays are composed of compromised devices of this type and have been the source of the most important distributed denial of service attacks in history. This work proposes a solution for monitoring and studying IoT-based botnet malware activity by using a distributed system of low interaction honeypots implementing the Telnet and SSH remote access services, which are used to manage the majority of IoT devices in the home environment, such as routers, cameras, printers and other appliances. The solution captures and displays real-time data coming from different honeypots at different locations worldwide, allowing the logging and study of the different connections and attack methodologies, and obtaining samples of the distributed malware. All the information gathered is stored for later analysis and categorization, resulting in a low-cost and relatively simple threat information and forecasting system regarding IoT botnets.


Notes

  1. https://www.digitalocean.com/

  2. https://metrics.torproject.org/collector.html

  3. https://metrics.torproject.org/onionoo.html

  4. https://pastebin.com/JZrsbc9E

  5. https://getipintel.net/

  6. https://www.virustotal.com/

  7. https://urlhaus.abuse.ch/

  8. https://www.graylog.org/

  9. https://viper-framework.readthedocs.io/



Corresponding author

Correspondence to Sergio Vidal-González.


Copyright information

© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Vidal-González, S. et al. (2020). Analyzing IoT-Based Botnet Malware Activity with Distributed Low Interaction Honeypots. In: Rocha, Á., Adeli, H., Reis, L., Costanzo, S., Orovic, I., Moreira, F. (eds) Trends and Innovations in Information Systems and Technologies. WorldCIST 2020. Advances in Intelligent Systems and Computing, vol 1160. Springer, Cham. https://doi.org/10.1007/978-3-030-45691-7_30
